I am using bolt.new to build a website and integrate the voice agent on similar to how it is done within the vapi platform and the documents page. however i am having some trouble with getting it to work on the actual website. the only error message i get is below The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site. To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings. If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive. ⚠️ Allowing string evaluation comes at the risk of inline script injection. 1 directive Source location Directive Status script-src blocked

I couldn't find enough info to help with the Content Security Policy (CSP) issue you're running into when integrating the voice agent with bolt.new. This looks like it might need a closer look from our team, so I'm escalating your question to a human expert who can dig in further and get you the right answer! If you want to check out the general integration docs in the meantime, you can find them [here](https://docs.vapi.ai/documentation/get-started/make-a-web-call) and [here](https://docs.vapi.ai/sdk/web). But hang tight—someone from the team will follow up with you soon!

Relax your CSP with 'unsafe-eval' (not recommended for security), refactor the integration to avoid eval(), isolate it in a sandboxed iframe, or contact Vapi for a CSP-compliant solution..

I’ll try that today